紧凑的Aigis-sig数字签名方案软硬件协同实现方法

doi:10.11959/j.issn.2096-109x.2021026

网络与信息安全学报 ›› 2021, Vol. 7 ›› Issue (2): 64-76.doi: 10.11959/j.issn.2096-109x.2021026

• 专题：集成电路硬件安全 • 上一篇下一篇

紧凑的Aigis-sig数字签名方案软硬件协同实现方法

周朕¹^,², 何德彪¹^,², 罗敏¹^,², 李莉¹^,²

¹ 空天信息安全与可信计算教育部重点实验室，湖北武汉 430072
² 武汉大学国家网络安全学院，湖北武汉 430072

修回日期:2021-01-09 出版日期:2021-04-15 发布日期:2021-04-01
作者简介:周朕（1996- ），男，安徽亳州人，武汉大学硕士生，主要研究方向为后量子密码、密码算法设计实现。
何德彪（1980- ），男，山东阳谷人，武汉大学教授、博士生导师，主要研究方向为密码学、区块链安全等。
罗敏（1974- ），男，湖北武汉人，武汉大学副教授，主要研究方向为密码学、区块链安全等。
李莉（1976- ），女，湖北武汉人，武汉大学副教授，主要研究方向为密码学、区块链安全等。
基金资助:
国家自然科学基金(61972294);国家自然科学基金(61932016)

Compact software/hardware co-design and implementation method of Aigis-sig digital signature scheme

Zhen ZHOU¹^,², Debiao HE¹^,², Min LUO¹^,², Li LI¹^,²

¹ Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan 430072, China
² China School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China

Revised:2021-01-09 Online:2021-04-15 Published:2021-04-01
Supported by:
The National Natural Science Foundation of China(61972294);The National Natural Science Foundation of China(61932016)

摘要/Abstract

摘要：

基于理想格构造的 Aigis-sig 数字签名方案具有实现效率高、签名长度短、抗量子攻击等优势。针对Aigis-sig方案，构造了一种改进的模乘计算元件，设计了一种基于快速数论变换（NTT）算法实现环上多项式运算的紧凑硬件架构；同时以此架构为基础，提出了Aigis-sig数字签名方案的FPGA软硬件协同实现方法。实验表明，在Xilinx Zynq-7000 SoC平台上，CPU频率和硬件频率分别设置为666.66 MHz和150 MHz时，该实现方案相较于纯软件实现，签名阶段和验签阶段分别取得约26%和17%的性能提升。

关键词: 后量子密码, 数字签名, Aigis-sig, 现场可编程逻辑门阵列, 快速数论变换

Abstract:

Digital signature scheme Aigis-sig, constructed on ideal lattice, takes the advantages of high efficiency, short signature length and resistant to quantum attack, etc.An optimized modular multiplication arithmetic component was constructed and a compact hardware architecture for polynomial operation over a ring based on number theory transformation (NTT) algorithm for Aigis-sig was designed.Besides, based on this architecture, software/hardware co-design and implementation for Aigis-sig scheme on FPGA platform in cryptography was proposed.Experimental results show that the speed of signature phase and verification phase are increased by about 26% and 17% respectively, compared with the pure software implementation on Xilinx Zynq-7000 SoC platform when CPU clock frequency and hardware clock frequency are set as 666.66MHz and 150 MHz respectively.

Key words: post-quantum cryptography, digital signature, Aigis-sig, FPGA, number theory transformation

中图分类号:

TN918

周朕, 何德彪, 罗敏, 李莉. 紧凑的Aigis-sig数字签名方案软硬件协同实现方法[J]. 网络与信息安全学报, 2021, 7(2): 64-76.

Zhen ZHOU, Debiao HE, Min LUO, Li LI. Compact software/hardware co-design and implementation method of Aigis-sig digital signature scheme[J]. Chinese Journal of Network and Information Security, 2021, 7(2): 64-76.

图/表 11

表1

图1

图2

图3

表2

图4

图5

表3

表4

表5

表6

参考文献 27

[1]	KELLY J , BARENDS R , FOWLER A G ,et al. State preservation by repetitive error detection in a superconducting quantum circuit[J]. Nature, 2015,519(7541): 66-69.
[2]	SHOR P W . Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer[J]. SIAM Review, 1999,41(2): 303-332.
[3]	杨妍玲 . 后量子密码在信息安全中的应用与分析[J]. 信息与电脑(理论版), 2020,32(8): 177-181.
	YANG Y L . Application and analysis of post-quantum cryptography in information security[J]. Information and Computers (Theoretical), 2020,32(8): 177-181.
[4]	CHEN L , JORDAN S , LIU Y K ,et al. Report on post-quantum cryptography[M]. Maryland: National Institute of Standards and Technology, 2016.
[5]	ALAGIC G , ALPERIN-SHERIFF J , APON D ,et al. Status report on the first round of the NIST post-quantum cryptography standardization process[M]. Maryland: National Institute of Standards and Technology, 2019.
[6]	ROMA C A , TAI C A , HASAN M A . Energy consumption of round 2 submissions for NIST PQC standards[R]. Maryland:National Institute of Standards and Technology, 2019.
[7]	中国密码学会. 全国密码算法设计竞赛进入第2轮公钥算法[EB].
	Chinese Association for Cryptologic Research. Public key scheme selected to the second-round competition of national cryptographic algorithm competition[EB].
[8]	中国密码学会. 关于全国密码算法设计竞赛算法评选结果的公示[EB].
	Chinese Association for Cryptologic Research. Announcement of the selection results of the national cryptographic algorithm competition[EB].
[9]	REGEV O . On lattices,learning with errors,random linear codes,and Cryptography[J]. Journal of the ACM (JACM), 2009,56(6): 1-40.
[10]	AJTAI M , . Generating hard instances of lattice problems[C]// Proceedings of the twenty-eighth annual ACM symposium on Theory of Computing. 1996: 99-108.
[11]	LYUBASHEVSKY V , PEIKERT C , REGEV O . On ideal lattices and learning with errors over rings[J]. Journal of the ACM (JACM), 2013,60(6): 1-35.
[12]	中国密码学会. 数字签名方案 Aigis-sig 算法提交文档[EB].
	Chinese Association for Cryptologic Research. Submitted document of the digital signature scheme Aigis-sig[EB].
[13]	NEJATOLLAHI H , DUTT N , RAY S ,et al. Software and hardware implementation of lattice-cased cryptography schemes[J]. University of California Irvine,CECSTR 17 4 (2017).
[14]	DE C R , ROY S S , VERCAUTEREN F ,et al. Efficient software implementation of Ring-LWE encryption[C]// Proceedings of the Design,Automation ＆ Test in Europe Conference ＆ Exhibition (DATE′15). 2015.
[15]	YUAN Y J , CHENG C M , KIYOMOTO S ,et al. Portable implementation of lattice-based cryptography using JavaScript[J]. International Journal of on Computing and Networking, 2016,6(3): 309-327.
[16]	STEBILA D , MOSCA M . Post-quantum key exchange for the internet and the open quantum safe project[R]. Cryptology ePrint Archive, 2016.
[17]	AGUILAR-MELCHOR C , BARRIER J , GUELTON S ,et al. NFLlib:NTT-based fast lattice library[C]// RSA Conference. 2016: 341-356.
[18]	CHEN H , HAN K , HUANG Z ,et al. Simple encrypted arithmetic library - seal (v2.3)[R]. 2017.
[19]	TTERT N , FELLER T , SCHNEIDER M ,et al. On the design of hardware building blocks for modern lattice-based encryption schemes[C]// Proceedings of the International Conference on Cryptographic Hardware and Embedded Systems (CHES′12). 2012.
[20]	P?PPELMANN T , GüNEYSU T , . Area optimization of lightweight Lattice-based encryption on reconfigurable hardware[C]// Proceedings of the IEEE International Symposium on Circuits and Systems (ISCAS′14). 2014.
[21]	ROY S S , VERCAUTEREN F , MENTENS N ,et al. Compact ring-LWE cryptoprocessor[C]// Proceedings of the International Conference on Cryptographic Hardware and Embedded Systems (CHES′14). 2014.
[22]	BASU K , SONI D , NABEEL M ,et al. NIST post-quantum cryptography-a hardware evaluation study[C]// IACR Cryptology ePrint Archive. 2019:47.
[23]	DANG V B , FARAHMAND F , ANDRZEJCZAK M ,et al. Implementing and benchmarking three lattice-based post-quantum cryptography algorithms using software/hardware codesign[C]// 2019 International Conference on Field-Programmable Technology (ICFPT). 2019: 206-214.
[24]	BANERJEE U , UKYAB T S , CHANDRAKASAN A P . Sapphire:a configurable crypto-processor for post-quantum Lattice-based protocols (Extended Version)[C]// IACR Crypto.ePrint Arch. 2019:1140.
[25]	XIN G Z , HAN J , YIN T Y ,et al. VPQC:a domain-specific vector processor for post-quantum cryptography based on RISC-V architecture[J]. IEEE Transactions on Circuits and Systems I-regular Papers, 2020,67(8): 2672-2684.
[26]	FENG X , LI S G , XU S F . RLWE-oriented high-speed polynomial multiplier utilizing multi-lane stockham NTT algorithm[J]. IEEE Transactions on Circuits and Systems Ⅱ:Express Briefs, 2019,99: 1.
[27]	DU C H , BAI G Q . Towards efficient polynomial multiplication for Lattice-based cryptography[C]// 2016 IEEE International Symposium on Circuits and Systems (ISCAS). 2016: 1178-1181.

(n,q)	(k,l)	(η₁,η₂)	公钥长度/byte	私钥长度/byte	签名长度/byte
256, 3 870 721	5,4	2,5	1 312	3 376	2 445

正向与反向NTT阶段	所需旋转因子次数（以为w₅₁₂基准）
0 / 7	128
1 / 6	64
2 / 5	32
3 / 4	16
4 / 3	8
5 / 2	4,12
6 / 1	2,6,10,14
7 / 0	1,3,5,7,9,11,13,15

设计	模数q	平台	LUT	DSP	Bram	频率/MHz	时钟数
本文	3 870 721	Artix-7	1 623	7	1	168	1 041
文献[21]	7 681	Virtex-7	1 349	1	2	313	≈1 210
文献[21]	12 289	Virtex-7	1 536	1	3	278	≈1 210
文献[26]	1 049 089	Spantan-6	≈14 000	128	1	—	220
文献[27]	—	Spantan-6	533	1	2	233	4 066
文献[24]	7 681	TSMC	—	—	—	72	1 289
注：“—”表示无法获得。

测试项目	所用时间/s
5×10⁵万次RAM读+5×10⁵次RAM写+5×10⁵次NTT	75.42
1次RAM读+1次RAM写+5×10⁵次NTT	4.68

实现方法	FF	LUT	DSP	Bram	速度/ms·次^-1
软硬件协同	2 057	1 997	7	1	49.82
纯软件	498	374	0	0	68.18

紧凑的Aigis-sig数字签名方案软硬件协同实现方法

Compact software/hardware co-design and implementation method of Aigis-sig digital signature scheme

在线阅读

pdf下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 11

参考文献 27

相关文章 11

Metrics

推荐阅读 0

[1]	高艺恬, 陈立全, 屠天扬, 高原, 陈芊叶. 基于BRLWE的物联网后量子加密技术研究[J]. 网络与信息安全学报, 2022, 8(5): 140-149.
[2]	刘峰, 杨杰, 齐佳音. 区块链密码学隐私保护技术综述[J]. 网络与信息安全学报, 2022, 8(4): 29-44.
[3]	宋永成, 黄欣沂, 伍玮, 陈海霞. 基于编码的数字签名综述[J]. 网络与信息安全学报, 2021, 7(4): 1-17.
[4]	吕尧, 侯金鹏, 聂冲, 苏铓, 王彬, 蒋鸿玲. 基于SM9算法的部分盲签名方案[J]. 网络与信息安全学报, 2021, 7(4): 147-153.
[5]	谢绒娜,毛卫华,史国振. 基于签名认证的电子发票真伪性验证方案[J]. 网络与信息安全学报, 2019, 5(6): 105-112.
[6]	付钰,孙连亮,吴晓平. 基于WPKI和虹膜识别的二维码安全管理系统[J]. 网络与信息安全学报, 2018, 4(5): 62-68.
[7]	唐紫鑫,黄欣沂. 基于批量签名思想的可截取签名构造[J]. 网络与信息安全学报, 2018, 4(12): 44-53.
[8]	郭青霄,张大伟,常亮,刘晓东,宋靖文. 基于SM2的代理保护代理签名的设计与实现[J]. 网络与信息安全学报, 2017, 3(9): 47-54.
[9]	高天寒,李艳强. 车载自组织网匿名接入认证机制研究综述[J]. 网络与信息安全学报, 2016, 2(8): 10-16.
[10]	张彩娟,游林. 基于双线性对的多重数字签名方案[J]. 网络与信息安全学报, 2016, 2(6): 66-70.
[11]	任方,郑东,范九伦. 基于纠错码的数字签名技术综述[J]. 网络与信息安全学报, 2016, 2(11): 1-10.